more merging
parent
e08118a52f
commit
1f11ac90ee
@ -43,7 +43,9 @@ allow dovecot_t self:fifo_file rw_file_perms;
|
|||||||
can_kerberos(dovecot_t)
|
can_kerberos(dovecot_t)
|
||||||
|
|
||||||
allow dovecot_t tmp_t:dir search;
|
allow dovecot_t tmp_t:dir search;
|
||||||
rw_dir_file(dovecot_t, mail_spool_t)
|
rw_dir_create_file(dovecot_t, mail_spool_t)
|
||||||
|
|
||||||
|
|
||||||
create_dir_file(dovecot_t, dovecot_spool_t)
|
create_dir_file(dovecot_t, dovecot_spool_t)
|
||||||
create_dir_file(mta_delivery_agent, dovecot_spool_t)
|
create_dir_file(mta_delivery_agent, dovecot_spool_t)
|
||||||
allow dovecot_t mail_spool_t:lnk_file read;
|
allow dovecot_t mail_spool_t:lnk_file read;
|
||||||
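Review bot: The switch to `rw_dir_create_file(dovecot_t, mail_spool_t)` lets dovecot_t create files in the mail spool, but nothing in the hunk says what it needs to create there. mail_spool_t is presumably shared with the delivery agents, so a one-line comment above the macro, such as `# dovecot creates <what> in the mail spool because <reason>`, would let a later auditor judge whether the wider macro is still needed. The hunk header counts two added lines that are not legible in this rendering, so check whether they already carry such a comment.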
|
@ -14,7 +14,7 @@
|
|||||||
#
|
#
|
||||||
bool pppd_for_user false;
|
bool pppd_for_user false;
|
||||||
|
|
||||||
daemon_domain(pppd, `, privmail')
|
daemon_domain(pppd, `, privmail, privsysmod, nscd_client_domain')
|
||||||
type pppd_secret_t, file_type, sysadmfile;
|
type pppd_secret_t, file_type, sysadmfile;
|
||||||
|
|
||||||
# Define a separate type for /etc/ppp
|
# Define a separate type for /etc/ppp
|
||||||
@ -36,7 +36,7 @@ can_network_server(pppd_t)
|
|||||||
can_ypbind(pppd_t)
|
can_ypbind(pppd_t)
|
||||||
|
|
||||||
# Use capabilities.
|
# Use capabilities.
|
||||||
allow pppd_t self:capability { net_admin setuid setgid fsetid fowner net_raw dac_override };
|
allow pppd_t self:capability { net_admin setuid setgid fsetid fowner net_raw dac_override sys_module };
|
||||||
lock_domain(pppd)
|
lock_domain(pppd)
|
||||||
|
|
||||||
# Access secret files
|
# Access secret files
|
||||||
@ -54,6 +54,7 @@ allow postfix_postqueue_t pppd_t:process sigchld;
|
|||||||
can_exec(pppd_t, { shell_exec_t bin_t sbin_t etc_t ifconfig_exec_t })
|
can_exec(pppd_t, { shell_exec_t bin_t sbin_t etc_t ifconfig_exec_t })
|
||||||
allow pppd_t { bin_t sbin_t }:dir search;
|
allow pppd_t { bin_t sbin_t }:dir search;
|
||||||
allow pppd_t { sbin_t bin_t }:lnk_file read;
|
allow pppd_t { sbin_t bin_t }:lnk_file read;
|
||||||
|
allow ifconfig_t pppd_t:fd use;
|
||||||
|
|
||||||
# Access /dev/ppp.
|
# Access /dev/ppp.
|
||||||
allow pppd_t ppp_device_t:chr_file rw_file_perms;
|
allow pppd_t ppp_device_t:chr_file rw_file_perms;
|
||||||
@ -111,7 +112,7 @@ domain_auto_trans(pppd_t, insmod_exec_t, insmod_t)
|
|||||||
')
|
')
|
||||||
}
|
}
|
||||||
|
|
||||||
daemon_domain(pptp)
|
daemon_domain(pptp, `, nscd_client_domain')
|
||||||
can_network_client_tcp(pptp_t)
|
can_network_client_tcp(pptp_t)
|
||||||
allow pptp_t { reserved_port_type port_t }:tcp_socket name_connect;
|
allow pptp_t { reserved_port_type port_t }:tcp_socket name_connect;
|
||||||
can_exec(pptp_t, hostname_exec_t)
|
can_exec(pptp_t, hostname_exec_t)
|
||||||
@ -144,3 +145,4 @@ dontaudit ndc_t pppd_t:fd use;
|
|||||||
# Allow /etc/ppp/ip-{up,down} to run most anything
|
# Allow /etc/ppp/ip-{up,down} to run most anything
|
||||||
type pppd_script_exec_t, file_type, sysadmfile;
|
type pppd_script_exec_t, file_type, sysadmfile;
|
||||||
domain_auto_trans(pppd_t, pppd_script_exec_t, initrc_t)
|
domain_auto_trans(pppd_t, pppd_script_exec_t, initrc_t)
|
||||||
|
allow pppd_t initrc_t:process noatsecure;
|
||||||
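Review bot: Adding `sys_module` to the pppd_t capability set, together with the `privsysmod` attribute on `daemon_domain(pppd, ...)`, lets a network-facing daemon load kernel modules directly. The policy already has `domain_auto_trans(pppd_t, insmod_exec_t, insmod_t)` (visible in the `@ -111,7` hunk header) to push module loading into insmod_t. If that transition covers pppd's needs, both additions can be dropped; if not, they belong inside the conditional that appears to guard the transition, so the default policy stays without module loading. The new `allow pppd_t initrc_t:process noatsecure;` also deserves a comment, because it turns off secure-mode environment cleansing for the ip-up/ip-down scripts that run in initrc_t.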
|
@ -20,6 +20,6 @@
|
|||||||
/etc/ppp/plugins/rp-pppoe\.so -- system_u:object_r:shlib_t
|
/etc/ppp/plugins/rp-pppoe\.so -- system_u:object_r:shlib_t
|
||||||
/etc/ppp/resolv\.conf -- system_u:object_r:pppd_etc_rw_t
|
/etc/ppp/resolv\.conf -- system_u:object_r:pppd_etc_rw_t
|
||||||
# Fix pptp sockets
|
# Fix pptp sockets
|
||||||
/var/run/pptp(/.*)? -- system_u:object_r:pptp_var_run_t
|
/var/run/pptp(/.*)? system_u:object_r:pptp_var_run_t
|
||||||
# Fix /etc/ppp {up,down} family scripts (see man pppd)
|
# Fix /etc/ppp {up,down} family scripts (see man pppd)
|
||||||
/etc/ppp/(auth|ip(v6|x)?)-(up|down) -- system_u:object_r:pppd_script_exec_t
|
/etc/ppp/(auth|ip(v6|x)?)-(up|down) -- system_u:object_r:pppd_script_exec_t
|
||||||
|